Support elliptic-curve Diffie-Hellman GSS KEX.

This is surprisingly simple, because it wasn't necessary to touch the GSS parts at all. Nothing changes about the message formats between integer DH and ECDH in GSS KEX, except that the mpints sent back and forth as part of integer DH are replaced by the opaque strings used in ECDH. So I've invented a new KEXTYPE and made it control a bunch of small conditionals in the middle of the GSS KEX code, leaving the rest unchanged.
2025-07-17 11:00:59 -05:00 · 2022-08-29 11:35:34 +01:00
parent 031d86ed5b
commit cec8c87626
6 changed files with 138 additions and 44 deletions
--- a/crypto/ecc-ssh.c
+++ b/crypto/ecc-ssh.c
@ -1644,6 +1644,14 @@ const ssh_kex ssh_ec_kex_curve25519_libssh = {
    .ecdh_vt = &ssh_ecdhkex_m_alg,
    .extra = &kex_extra_curve25519,
 };
+/* GSSAPI variant */
+static const ssh_kex ssh_ec_kex_curve25519_gss = {
+    .name = "gss-curve25519-sha256-" GSS_KRB5_OID_HASH,
+    .main_type = KEXTYPE_GSS_ECDH,
+    .hash = &ssh_sha256,
+    .ecdh_vt = &ssh_ecdhkex_m_alg,
+    .extra = &kex_extra_curve25519,
+};

 static const struct eckex_extra kex_extra_curve448 = { ec_curve448 };
 const ssh_kex ssh_ec_kex_curve448 = {
@ -1669,6 +1677,14 @@ const ssh_kex ssh_ec_kex_nistp256 = {
    .ecdh_vt = &ssh_ecdhkex_w_alg,
    .extra = &kex_extra_nistp256,
 };
+/* GSSAPI variant */
+static const ssh_kex ssh_ec_kex_nistp256_gss = {
+    .name = "gss-nistp256-sha256-" GSS_KRB5_OID_HASH,
+    .main_type = KEXTYPE_GSS_ECDH,
+    .hash = &ssh_sha256,
+    .ecdh_vt = &ssh_ecdhkex_w_alg,
+    .extra = &kex_extra_nistp256,
+};

 static const struct eckex_extra kex_extra_nistp384 = { ec_p384 };
 const ssh_kex ssh_ec_kex_nistp384 = {
@ -1678,6 +1694,14 @@ const ssh_kex ssh_ec_kex_nistp384 = {
    .ecdh_vt = &ssh_ecdhkex_w_alg,
    .extra = &kex_extra_nistp384,
 };
+/* GSSAPI variant */
+static const ssh_kex ssh_ec_kex_nistp384_gss = {
+    .name = "gss-nistp384-sha384-" GSS_KRB5_OID_HASH,
+    .main_type = KEXTYPE_GSS_ECDH,
+    .hash = &ssh_sha384,
+    .ecdh_vt = &ssh_ecdhkex_w_alg,
+    .extra = &kex_extra_nistp384,
+};

 static const struct eckex_extra kex_extra_nistp521 = { ec_p521 };
 const ssh_kex ssh_ec_kex_nistp521 = {
@ -1687,6 +1711,14 @@ const ssh_kex ssh_ec_kex_nistp521 = {
    .ecdh_vt = &ssh_ecdhkex_w_alg,
    .extra = &kex_extra_nistp521,
 };
+/* GSSAPI variant */
+static const ssh_kex ssh_ec_kex_nistp521_gss = {
+    .name = "gss-nistp521-sha512-" GSS_KRB5_OID_HASH,
+    .main_type = KEXTYPE_GSS_ECDH,
+    .hash = &ssh_sha512,
+    .ecdh_vt = &ssh_ecdhkex_w_alg,
+    .extra = &kex_extra_nistp521,
+};

 static const ssh_kex *const ec_kex_list[] = {
    &ssh_ec_kex_curve448,
@ -1699,6 +1731,17 @@ static const ssh_kex *const ec_kex_list[] = {

 const ssh_kexes ssh_ecdh_kex = { lenof(ec_kex_list), ec_kex_list };

+static const ssh_kex *const ec_gss_kex_list[] = {
+    &ssh_ec_kex_curve25519_gss,
+    &ssh_ec_kex_nistp521_gss,
+    &ssh_ec_kex_nistp384_gss,
+    &ssh_ec_kex_nistp256_gss,
+};
+
+const ssh_kexes ssh_gssk5_ecdh_kex = {
+    lenof(ec_gss_kex_list), ec_gss_kex_list
+};
+
 /* ----------------------------------------------------------------------
 * Helper functions for finding key algorithms and returning auxiliary
 * data.